Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.
Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.
Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.
References
| Link | Resource |
|---|---|
| https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119 | Issue Tracking Product |
| https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch | Patch |
| http://www.openwall.com/lists/oss-security/2026/03/05/1 | Mailing List Third Party Advisory |
Configurations
History
09 Mar 2026, 14:58
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119 - Issue Tracking, Product | |
| References | () https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch - Patch | |
| References | () http://www.openwall.com/lists/oss-security/2026/03/05/1 - Mailing List, Third Party Advisory | |
| CPE | cpe:2.3:a:dougdude:net\:\:nsca\:\:client:*:*:*:*:*:perl:*:* | |
| First Time |
Dougdude
Dougdude net\ |
05 Mar 2026, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
05 Mar 2026, 12:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
05 Mar 2026, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-05 03:15
Updated : 2026-03-09 14:58
NVD link : CVE-2024-57854
Mitre link : CVE-2024-57854
CVE.ORG link : CVE-2024-57854
JSON object : View
Products Affected
dougdude
- net\
CWE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)